🔄 Synced file(s) with ottrproject/OTTR_Template_Website#10
🔄 Synced file(s) with ottrproject/OTTR_Template_Website#10jhudsl-robot wants to merge 3 commits into
Conversation
OTTR Check ResultsSummary
🎉 All checks passed!Last Updated: 2025-06-06-21:06:19 |
|
Re-rendered previews from the latest commit:
* note not all html features will be properly displayed in the "quick preview" but it will give you a rough idea. Updated at 2025-06-06 with changes from the latest commit 61e640b |
release-renderActionTry2
…hub/workflows/render-all.yml' release-renderActionTry2
…n.yml' release-renderActionTry2
jhudsl-robot
force-pushed
the
repo-sync/OTTR_Template_Website/default
branch
from
4d68941 to
cf9c863
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| uses: actions/checkout@v4 | ||
|
|
||
| # Use the yaml-env-action action. | ||
| - name: Load environment from YAML | ||
| uses: doughepi/yaml-env-action@v1.0.0 | ||
| with: | ||
| files: config_automation.yml # Pass a space-separated list of configuration files. Rightmost files take precedence. | ||
| outputs: | ||
| toggle_website: "${{ env.RENDER_WEBSITE }}" | ||
| rendering_docker_image: "${{ env.RENDERING_DOCKER_IMAGE }}" | ||
|
|
||
| render-website: | ||
| name: Render website | ||
| needs: yaml-check | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 1 year ago
To fix the issue, we will add a permissions block at the root of the workflow to define the least privileges required for all jobs. Based on the workflow's functionality, it primarily involves reading repository contents and using external actions. Therefore, we will set contents: read as the minimal permission. If any job requires additional permissions, they can be specified within the job's permissions block.
| @@ -4,2 +4,4 @@ | ||
| name: Render website | ||
| permissions: | ||
| contents: read | ||
|
|
| name: Render website | ||
| needs: yaml-check | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| token: ${{ secrets.GH_PAT }} | ||
|
|
||
| - name: Run render | ||
| id: render | ||
| uses: ottrproject/ottr-preview@main | ||
| with: | ||
| toggle_website: ${{needs.yaml-check.outputs.toggle_website}} | ||
| preview: false | ||
| token: ${{ secrets.GH_PAT }} | ||
| docker_image: ${{needs.yaml-check.outputs.rendering_docker_image}} |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 1 year ago
To fix the issue, we need to add a permissions block to the workflow. This block should specify the least privileges required for the workflow to function correctly. Based on the workflow's operations, it likely only needs contents: read permissions to interact with repository contents. If additional permissions are required for specific jobs, they can be added to those jobs individually.
The permissions block should be added at the root level of the workflow to apply to all jobs unless overridden by job-specific permissions.
| @@ -5,2 +5,5 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: |
|
Need to go through this and make sure that this doesn't impact the dashboard -- on a cursory glance, need to undelete the refresh data workflow, and then see what else is impacted besides switching it new OTTR actions |
3 participants
Synced local file(s) with ottrproject/OTTR_Template_Website.
Changed files
.github/workflows/with remote directory.github/workflows/.github/workflows/render-site.ymlfrom remote.github/workflows/render-all.ymlconfig_automation.ymlfrom remoteconfig_automation.ymlThis PR was created automatically by the repo-file-sync-action workflow run #15499754522